Setting up and using Multi Factor Authentication (2FA/MFA)

What’s wrong with my username and password?

Typical online authentication requires a username and a password – this is something a user has to know.

These can be (and frequently are) written down, shared with other people or leaked to the world by hackers.

Users will often set up the same username and password with multiple online services. This is super-convenient because they only have to remember one set of credentials, but if those credentials get leaked, hackers will have access to all services where that set of credentials has been used.

This could be your mailbox, your social media accounts, online shops, dating sites (!) etc. Once an attacker has access to your mailbox, they can use the “forgot password” function of any website to reset your password and control your account.

To remedy all this, you can add an additional layer of security called Two Factor Authentication (2FA), sometimes called Multi Factor Authentication (MFA).

What is Multi Factor Authentication?

It is so called because it adds an additional factor to the authentication process – specifically, it relies on something a user has in addition to something they know.

MFA is typically implemented on a physical device such as a security fob or smartphone. Every 30 seconds the device generates a 6- to 8-digit number that is unique to the owner of the device and the online service that provided the code.

To log into an online service protected by MFA, you now need to provide your username and password (something you know) and the number displayed by your code generator (something you have). The online service knows the number your code generator will produce and checks all three items before logging you in.
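The server-side check described above, as an added example that is not part of the original post. It assumes the code generator uses the TOTP algorithm (RFC 6238, HMAC-SHA1) with a secret shared at enrolment, which the post does not name; the function names, the one-step clock-drift allowance and the replay check are illustrative choices.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # a new code every 30 seconds, as described above

# Published test key from RFC 6238 Appendix B; never use it for a real account.
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """Code shown by the generator for the 30-second window containing Unix time `at`."""
    counter = int(at) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at: float = None, digits: int = 6,
           drift_steps: int = 1, last_used_counter: int = -1):
    """Return the time-step counter the code matched, or None if it is rejected.

    drift_steps tolerates a generator clock that is slightly off.
    last_used_counter is the value returned by the previous successful login;
    a code from that window or earlier is refused so it cannot be replayed.
    """
    now = time.time() if at is None else at
    current = int(now) // STEP_SECONDS
    matched = None
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        expected = totp(secret, counter * STEP_SECONDS, digits)
        # Constant-time comparison; bytes so any user input is accepted safely.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and counter > last_used_counter:
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, time.time())
    print("current code:", code, "accepted:", verify(RFC_TEST_SECRET, code) is not None)
```

The service stores the returned counter per account and passes it back as `last_used_counter` on the next login, so a code that was observed in transit cannot be used a second time.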

to be continued…
